Merge branch 'main' into docs-editor/behavior-monitor-macos-1716573192

Author: denisebmsft

.openpublishing.publish.config.json

@@ -37,6 +37,30 @@
       },
       "build_entry_point": "docs"
     },
+    {
+      "docset_name": "defender-for-cloud",
+      "build_source_folder": "defender-for-cloud",
+      "build_output_subfolder": "defender-for-cloud",
+      "locale": "en-us",
+      "monikers": [],
+      "open_to_public_contributors": true,
+      "type_mapping": {
+        "Conceptual": "Content"
+      },
+      "build_entry_point": "docs"
+    },
+    {
+      "docset_name": "defender-for-iot",
+      "build_source_folder": "defender-for-iot",
+      "build_output_subfolder": "defender-for-iot",
+      "locale": "en-us",
+      "monikers": [],
+      "open_to_public_contributors": true,
+      "type_mapping": {
+        "Conceptual": "Content"
+      },
+      "build_entry_point": "docs"
+    },
     {
       "docset_name": "defender-office-365",
       "build_source_folder": "defender-office-365",
@@ -115,6 +139,5 @@
   "redirection_files": [
     ".openpublishing.redirection.defender.json",
     ".openpublishing.redirection.endpoint.json"
-  
   ]
 }

defender-endpoint/TOC.yml

@@ -961,35 +961,34 @@
       - name: View the details and results of an automated investigation
         href: autoir-investigation-results.md
 
-    - name: Next generation protection
-      href: autoir-investigation-results.md
-      items:
-      - name: Run and customize scheduled and on-demand scans
-        href: customize-run-review-remediate-scans-microsoft-defender-antivirus.md
-
     - name: Endpoint Attack Notifications
       href: endpoint-attack-notifications.md
 
+    - name: Run and customize scheduled and on-demand scans
+      href: customize-run-review-remediate-scans-microsoft-defender-antivirus.md
+
   - name: Reference
     items:
     - name: Microsoft Security Resources
       items: 
         - name: Threat actor naming
-          href: /defender/microsoft-threat-actor-naming
+          href: /defender-xdr/microsoft-threat-actor-naming
         - name: Malware names
-          href: /defender/malware-naming
+          href: /defender-xdr/malware-naming
         - name: How Microsoft identifies malware and PUA
-          href: /defender/criteria
+          href: /defender-xdr/criteria
         - name: Submit files for analysis
           href: /defender-xdr/submission-guide
         - name: Troubleshoot MSI portal errors caused by admin block
-          href: /defender/portal-submission-troubleshooting
+          href: /defender-xdr/portal-submission-troubleshooting
         - name: Microsoft virus initiative
-          href: /defender/virus-initiative-criteria
+          href: /defender-xdr/virus-initiative-criteria
         - name: Software developer FAQ
-          href: /defender/developer-faq
+          href: /defender-xdr/developer-faq
     - name: Malware information
       items: 
+       - name: Understanding malware
+         href: malware/understanding-malware.md
        - name: Coinminers
          href: malware/coinminer-malware.md
        - name: Exploits and Exploit Kits
@@ -1012,8 +1011,6 @@
          href: malware/support-scams.md
        - name: Trojans
          href: malware/trojans-malware.md
-       - name: Understanding malware
-         href: malware/understanding-malware.md
        - name: Unwanted software
          href: malware/unwanted-software.md
        - name: Worms
@@ -1414,6 +1411,8 @@
         href: partner-integration.md
       - name: Become a Microsoft Defender for Endpoint partner
         href: get-started-partner-integration.md
+      - name: Professional security services that integrate with Defender for Endpoint
+        href: professional-services.md
     - name: Integrations
       items:
       - name: Microsoft Defender for Endpoint integrations
@@ -1555,10 +1554,6 @@
       href: /defender-business
     - name: Defender Vulnerability Management
       href: /defender-vulnerability-management
-
-
-
-
 
 
 

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -42,9 +42,8 @@ This article provides information about Microsoft Defender for Endpoint attack s
 - [Per-rule-descriptions](#per-rule-descriptions)
 
 [!Include[Prerelease information](../includes/prerelease.md)]
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088), which helps you utilize essential tools and automated features such as attack surface reduction and next-generation protection. When signed in to the Microsoft 365 admin center, this guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
 ## Attack surface reduction rules by type
 
 Attack surface reduction rules are categorized as one of two types:

defender-endpoint/attack-surface-reduction.md

@@ -31,7 +31,7 @@ ms.date: 05/02/2024
 **Platforms**
 - Windows
 
-[!INCLUDE [MDE automated setup guide](../includes/mde-automated-setup-guide.md)]
+[!INCLUDE [MDE automated setup guide](../includes/security-analyzer-setup-guide.md)]
 
 ## Why attack surface reduction rules are important
 

defender-endpoint/configure-server-endpoints.md

@@ -38,7 +38,7 @@ This article describes how to onboard specific Windows servers to Microsoft Defe
 
 For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](/windows/device-security/windows-security-baselines).
 
-[!INCLUDE [MDE automated setup guide](../includes/mde-automated-setup-guide.md)]
+[!INCLUDE [MDE automated setup guide](../includes/security-analyzer-setup-guide.md)]
 
 ## Windows Server onboarding overview
 

defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

@@ -64,8 +64,8 @@ Potentially unwanted applications can increase the risk of your network being in
 
 [Learn more about Windows Enterprise subscriptions](https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise).
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088), which helps you utilize essential tools and automated features such as attack surface reduction and next-generation protection. When signed in to the Microsoft 365 admin center, this guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
+
 ## Microsoft Edge
 
 The [new Microsoft Edge](https://support.microsoft.com/microsoft-edge/get-to-know-microsoft-edge-3f4bb0ff-58de-2188-55c0-f560b7e20bea), which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).

defender-endpoint/device-control-overview.md

@@ -39,6 +39,8 @@ This list is intended to provide some examples. It's not an exhaustive list; the
 
 Device control helps protect your organization from potential data loss, malware, or other cyberthreats by allowing or preventing certain devices to be connected to users' computers. With device control, your security team can determine whether and what peripheral devices users can install and use on their computers. 
 
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
+
 ## Microsoft device control capabilities
 
 Device control capabilities from Microsoft can be organized into three main categories: device control in Windows, device control in Defender for Endpoint, and Endpoint Data Loss Prevention (Endpoint DLP).

defender-endpoint/linux-whatsnew.md

@@ -6,7 +6,7 @@ ms.author: dansimp
 author: dansimp
 ms.reviewer: kumasumit, gopkr
 ms.localizationpriority: medium
-ms.date: 05/16/2024
+ms.date: 05/24/2024
 manager: dansimp
 audience: ITPro
 ms.collection:
@@ -31,7 +31,27 @@ This article is updated frequently to let you know what's new in the latest rele
 
 - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)
 - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+<details>
+<summary> May-2024 (Build: 101.24042.0002 | Release version: 30.24042.0002.0)</summary>
+
+## May-2024 Build: 101.24042.0002 | Release version: 30.124042.0002.0
+
+&ensp;Released: **May 29, 2024**<br/>
+&ensp;Published: **May 29, 2024**<br/>
+&ensp;Build: **101.24042.0002**<br/>
+&ensp;Release version: **30.24042.0002.0**<br/>
+&ensp;Engine version: **1.1.24030.4**<br/>
+&ensp;Signature version: **1.407.521.0**<br/>
+
+**What's new**
+
+There are multiple fixes and new changes in this release:
 
+- In version 24032.0007, there was a known issue where the enrollment of devices to MDE Security Management failed when using the "Device Tagging" mechanism via the mdatp_managed.json file. This issue has been resolved in the current release.
+- Stability and performance improvements.
+- Other bug fixes.
+
+</details>
 <details>
 <summary> May-2024 (Build: 101.24032.0007 | Release version: 30.124032.0007.0)</summary>
 
@@ -65,6 +85,15 @@ There are multiple fixes and new changes in this release:
 - Stability and performance improvements.
 - Other bug fixes.
 
+**Known Issues**
+
+- There's a known issue where enrolling devices to MDE Security Management via "Device Tagging" mechanism using mdatp_managed.json is failing in 24032.0007. To mitigate this issue, use the following mdatp CLI command to tag devices:
+
+   ```bash
+   sudo mdatp edr tag set --name GROUP --value MDE-Management
+   ```
+    **The issue has been fixed in Build: 101.24042.0002**
+
 </details>
 
 <details>

defender-endpoint/mac-support-perf-overview.md

@@ -1,13 +1,15 @@
 ---
 title: Overview for how to troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
-description: Troubleshoot performance issues overview for Microsoft Defender for Endpoint on macOS
+description: Troubleshoot performance issues overview for Microsoft Defender for Endpoint on macOS.
 author: YongRhee-MSFT 
 ms.author: yongrhee 
 ms.service: defender-endpoint
 ms.topic: overview
-ms.date: 03/01/2024
-ms.subservice: ngp
+ms.localizationpriority: medium
+ms.date: 05/29/2024
+ms.subservice: macos
 manager: dansimp
+ms.custom: partner-contribution
 ---
 
 # Overview for how to troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
@@ -23,21 +25,23 @@ This article provides general guidelines to identify performance issues related
 
 Depending on the applications that you're running and your device characteristics, you might experience suboptimal performance when running Microsoft Defender for Endpoint on macOS. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender for Endpoint on macOS.
 
+> [!TIP]
+> As a general best practice, it is recommended to [update the Microsoft Defender for Endpoint agent to latest available version](/defender-endpoint/mac-whatsnew) and confirming that the issue still persists before investigating further.
+
 > [!CAUTION]
 > Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on MacOS is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can configure Microsoft Defender Antivirus to run in **[Passive mode](mac-preferences.md)**. After you configure Passive mode, you can use Defender for Endpoint on Mac EDR functionality.
 
 > [!WARNING]
 > Before starting, make sure that other security products are not currently running on the device. Multiple security products might conflict and impact system performance.
 
 > [!TIP]
-> If you're running other third-party security products, make sure that the Microsoft Defender for Endpoint on macOS processes and paths are excluded from that 3rd party security product and that security product is excluded from Microsoft Defender for Endpoint on macOS.
-
-When troubleshooting performance issues for Microsoft Defender for Endpoint on macOS, you should review the **Activity Monitor** to see which of the three (3) processes is leading the high cpu utilization
+> If you're running other third-party security products, make sure that the Microsoft Defender for Endpoint on macOS processes and paths are excluded from that 3rd party security product and that security product is excluded from Microsoft Defender for Endpoint on macOS.  And vice-versa.
+When troubleshooting performance issues for Microsoft Defender for Endpoint on macOS, you should review the **Activity Monitor** or run **top** to see which of the three (3) processes is leading the high cpu utilization
 
 |Daemon name|Component|Troubleshooting guide|
 | -------- | -------- |-------- |
 |wdavdaemon| Core (privileged)|Open a [Microsoft support case](contact-support.md).|
-|wdavdaemon_unpriviliged| Antimalware (AV, EPP)|Review [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](mac-support-perf.md).|
+|wdavdaemon_unprivileged| Antimalware (AV, EPP)|Review [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](mac-support-perf.md).|
 |wdavdaemon_enterprise| Endpoint Detection and Response (EDR)|Open a [Microsoft support case](contact-support.md).|
 
 Additionally, gather [Defender for Endpoint Client Analyzer](run-analyzer-macos-linux.md) files while the issue occurs. This will be used by the support team to investigate the issue. 

defender-endpoint/microsoft-defender-antivirus-updates.md

@@ -45,7 +45,7 @@ This article also includes:
 > [!TIP]
 > To see the most current engine, platform, and signature date, visit the [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates)
 
-[!INCLUDE [MDE automated setup guide](../includes/mde-automated-setup-guide.md)]
+[!INCLUDE [MDE automated setup guide](../includes/security-analyzer-setup-guide.md)]
 
 ## Security intelligence updates